@chrisdchristo
Created December 28, 2013 14:33
101: Tomcat

sudo apt-get install tomcat7

Setup Environment

Open up global profile:

sudo nano /etc/profile

Add this to global profile:

export CATALINA_HOME=/usr/share/tomcat7
export CATALINA_BASE=/var/lib/tomcat7

Add a symlink to lib folder in CATALINA_BASE

For some reason, Tomcat does not add a link to the $CATALINA_HOME/lib folder in $CATALINA_BASE. So let's add one, purely for convenience.

sudo ln -s /usr/share/tomcat7/lib /var/lib/tomcat7/lib

Install APR (Apache Portable Runtime):

sudo apt-get install libapr1 libaprutil1 libapr1-dev libssl-dev make

Install Tomcat Native

Grab the latest version from http://tomcat.apache.org/download-native.cgi

Then wget it on your server and untar it.

cd jni/native
sudo ./configure --with-apr=/usr/bin/apr-1-config --with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME
sudo make && sudo make install

You might need to do all the above as root user (and not just plain sudo).

Check that libtcnative* are now in /usr/share/tomcat7/lib

Then, open up your setenv.sh file:

sudo nano $CATALINA_HOME/bin/setenv.sh

and add the lines:

LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib
export LD_LIBRARY_PATH

chmod the file:

sudo chmod 751 $CATALINA_HOME/bin/setenv.sh

You will also need to allow the tomcat user access to the SSL files. This is done by adding the tomcat user to the ssl-cert group:

sudo usermod -a -G ssl-cert tomcat7

Also just double check the permissions on your private key are as follows:

sudo chown root:ssl-cert /etc/ssl/private/official-ssl.key
sudo chmod 640 /etc/ssl/private/official-ssl.key

Setup Config file

Open up the server.xml file:

sudo nano /var/lib/tomcat7/conf/server.xml

Open up a port 8080 (http-alt) connector, and an SSL port 9090 connector. Open up these ports on your firewall.

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="9090" />
    <Connector port="9090" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               maxThreads="200"
               SSLCACertificateFile="/etc/ssl/custom/certs/official-www-mydomain-com-ad-inter.crt"
               SSLCertificateFile="/etc/ssl/custom/certs/official-www-mydomain-com.crt"
               SSLCertificateKeyFile="/etc/ssl/custom/keys/official-www-mydomain-com.key" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t %r %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
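
An added example (not part of the original gist): a Python check that parses a server.xml like the one above, confirms that each redirectPort points at an SSLEnabled connector, and flags an SSLCertificateKeyFile whose mode grants any access to "other", which the 640 setting shown earlier avoids. The helper name audit_server_xml, the sample XML and the temporary key file are constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample mirroring the two connectors above; {key} is filled in by demo().
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="9090" />
  <Connector port="9090" protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             SSLCertificateKeyFile="{key}" />
</Service></Server>"""

def audit_server_xml(xml_text):
    """Return findings about TLS connectors in a server.xml string (hypothetical helper)."""
    findings = []
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true"}
    for c in connectors:
        port = c.get("port")
        if port not in tls_ports:
            # A plain-HTTP connector should redirect to a port that actually speaks TLS.
            redirect = c.get("redirectPort")
            if redirect and redirect not in tls_ports:
                findings.append(f"{port}: redirectPort {redirect} has no SSLEnabled connector")
            continue
        key = c.get("SSLCertificateKeyFile")
        if not key or not os.path.isfile(key):
            findings.append(f"{port}: key file not found or not reachable: {key}")
            continue
        mode = stat.S_IMODE(os.stat(key).st_mode)
        if mode & 0o007:  # any read/write/execute bit for 'other'
            findings.append(f"{port}: {key} is open to other users (mode {mode:o})")
    return findings

def demo():
    """Audit the sample twice: key at mode 644 (too loose), then 640 as set above."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "constructed.key")
        open(key, "w").close()
        os.chmod(key, 0o644)
        loose = audit_server_xml(SAMPLE.format(key=key))
        os.chmod(key, 0o640)
        tight = audit_server_xml(SAMPLE.format(key=key))
    return loose, tight

if __name__ == "__main__":
    for label, result in zip(("mode 644", "mode 640"), demo()):
        print(label, "->", result or "no findings")
```

To check a real installation, pass the contents of /var/lib/tomcat7/conf/server.xml to audit_server_xml as a user that can traverse the key directory; otherwise the key is reported as not reachable.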

Restart the service:

sudo /etc/init.d/tomcat7 restart

Check the ROOT app on Tomcat, https://mydomain.com:9090/